20Jul/1016
phpUserAuth Released!
It's finally done! The package is up for grabs, with a quick starter guide.
Please go through the project page for more details!
The Readme.txt file inside folder "readme" contains instructions for installation and usage
Leave your comments/questions/suggestions on the project page.
Out.
October 28th, 2010 - 16:39
Hello, very good authenticator in php, how bad I can not prove, since the power to use it, I get an error such as this:
values = $ _SESSION ['valueArray'], $ this-> errors = $ _SESSION ['errorArray'], $ this-> numErrors = count ($ this-> errors) unset ($ _SESSION ['valueArray']); unset ($ _SESSION ['errorArray']);} else {$ this-> numErrors = 0;}} / ** * setValue – Records the value typed Into The Given * form field by the user. * / Function setValue ($ field, $ value) {$ this-> values [$ field] = $ value;} / ** * setError – Records new form error Given the form * field name and the error message attached to it. * / Function setError ($ field, $ errmsg) {$ this-> errors [$ field] = $ errmsg, $ this-> numErrors = count ($ this-> errors);} / ** * value – Returns the value Given attached to the * field, if none exists, the empty string is returned. * / Function value ($ field) {if (array_key_exists ($ field, $ this-> values)) {return htmlspecialchars (stripslashes ($ this-> values [$ field]));} else {return “”;}} / ** * error – Returns the error message attached to the * Given field, if none exists, the empty string is returned. * / Function error ($ field) {if (array_key_exists ($ field, $ this-> errors)) {return $ this-> errors [$ field];} else {return “”;}} / * getErrorArray – Returns the array of error messages * / function getErrorArray () {return $ this-> errors;}} $ form = new Form ();?>
As if the session failed or something, you could help me out thanks
October 29th, 2010 - 10:52
Please make sure you do not have any output written before the script starts. This is why the initial two lines have to be set at the first of any script. If your web server has already sent out the headers, or you have started a session somewhere outside on your application, you will need to remove/modify it accordingly. Since your error just prints the complete script, I’m guessing that there is some error with the PHP parsing.
October 29th, 2010 - 13:33
Thanks for the help, but right now I’m just testing this module (the authentication), not deploy my application.
October 29th, 2010 - 14:18
in addition, also within the FORM I get, within the user text box value (“and error (” user “);?> error (” pass “);?>. A greetings and thanks
October 29th, 2010 - 14:58
Thanks for the detailed feedback. I just went through the code and I have included short open tags < ? ?> instead of the regular PHP ones < ?php ?>. I will check all the files and upload the corrected version asap. In the meantime, if you enable short_open_tag in php.ini, you shouldn’t face any issues
October 29th, 2010 - 15:34
Perfect, and it works perfectly. Just one thing, the password change page and e-mail does not work, right?. Since both the demo, as what I downloaded, it shows nothing, you could look at?
November 8th, 2010 - 19:34
You have already managed to change the password, or mail?, That I do not work and your demo either. Thanks
November 8th, 2010 - 19:47
You will be able to change the email/password only after you login. Otherwise, it will just display a blank page
January 10th, 2011 - 05:28
Hi
The browser is also capable of storing passwords. IS there a way to combine your hashed sending the password and still letting the browser log the correct password? Because now the browser is logging the hash pass en gives that back when logging in again.
The other option is to always have to fill in the user/pass. Also annoying…
January 10th, 2011 - 07:45
1) It should be possible to save the regular password in the browser. Will look into it.
2) If you want autocomplete, just remove the autocomplete=”off” attribute for the loginForm in login.php
January 11th, 2011 - 05:06
Hi Srinath
Thanks for your quick response.
Yesterday I tested the solution below but with other errors, so it didn’t work. Having solved the errors ->
This concept creates the desired properly working login scheme:
Adding an ‘temp’ input field [uapassx] in the login form but without the name attribute. This causes to properly store the pass in the browser. The form though is sent without the $_POST value for uapassx
username
password
Remember me [max 30 days]?
document.write(”);
document.write(”);
The js has some changes too:
function processForm() {
span = document.getElementsByTagName(‘span’);
for(i=0;i<span.length;i++)
span[i].innerHTML = '';
pass = document.getElementById('uapassx').value;
user = document.getElementById('user').value;
if(username(user) && password(pass,'passError')) {
hash = hex_sha1(document.getElementById('uapassx').value);
document.loginForm.pass.value = hash;
return true;
}
return false;
}
=============
Gives this $_POST result with autocomplete ON:
Array ( [user] => username [to] => [doLogin] => login! [hashed] => 1 [pass] => hashedpassword )
=============
With autocomplete > ON: Another option would be to accept that the browser remembers the hashed pass (very secure), but then submitting the form with the autocompleted hashed pass should not hash the hashed pass twice. In that case hashing should be turned off by JS.
Didn’t try this yet.
If you have better solutions … let me know!
regards Erni
January 11th, 2011 - 05:09
oops html is filtered
January 11th, 2011 - 05:14
using {{ and }} instead just to explain:
{{form name=”loginForm” method=”post” action=”URL” autocomplete=”on”}}
{{p}}{{label for=”username”}}username{{/label}}
{{input type=”text” name=”user” id=”user” maxlength=”24″ value=”" tabindex=”1″ autocomplete=”on” /}}
{{span class=”formError” id=”userError”}}{{/span}}
{{label for=”pass”}}password{{/label}}
{{input type=”password” id=”uapassx” value=”" tabindex=”2″ /}}{{br /}}
{{span class=”formError” id=”passError”}}{{/span}}
{{/p}}
{{p}}{{input type=”hidden” name=”to” value=”" /}}
{{input class=”submit” type=”submit” name=”doLogin” id=”doLogin” onclick = “return processForm()” value=”login!” /}}{{/p}}
{{p}} {{/p}}{{p}}
{{input type=”checkbox” name=”remember” id=”remember” value=”1″ tabindex=”3″ /}} Remember me?{{/p}}
{{script type=”text/javascript”}}
document.write(‘{{input type=”hidden” name=”hashed” value=”1″ /}}’);
document.write(‘{{input type=”hidden” name=”pass” id=”pass” value=”" /}}’);
{{/script}}
{{/form}}
{{script type=”text/javascript”}}
document.getElementById(‘user’).focus();
function processForm() {
span = document.getElementsByTagName(‘span’);
for(i=0;i{{span.length;i++)
span[i].innerHTML = ”;
pass = document.getElementById(‘uapassx’).value;
user = document.getElementById(‘user’).value;
if(username(user) && password(pass,’passError’)) {
hash = hex_sha1(document.getElementById(‘uapassx’).value);
document.loginForm.pass.value = hash;
return true;
}
return false;
}
{{/script}}
January 11th, 2011 - 07:50
I’ve made the necessary modifications to the form/javascript. Try this and let me know if it works
<form name="loginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>"> <label for="username">Username</label> <input type="text" name="user" id="user" maxlength="24" value="<? echo $form->value("user"); ?>" tabindex="1" /> <span class="formError" id="userError"><? echo $form->error("user"); ?></span> <label for="pass">Password</label> <input type="password" name="upass" id="upass" value="" tabindex="2" /> <span class="formError" id="passError"><? echo $form->error("pass"); ?></span> <input type="hidden" name="pass" id="pass" value="" /> <br /><input type="hidden" name="to" value="<?php echo isset($_GET['to']) ? $_GET['to'] : ''; ?>" /> <input type="submit" name="doLogin" id="doLogin" onclick = 'return processForm()' value="Login" /> <?php if(REMEMBER_USER) { ?> <input type="checkbox" name="remember" id="remember" value="1" tabindex="3" /> Remember Me? <?php }?> <br /><br /><a href="<?php echo $user->actualPath; ?>forgot.php?do=pass">Forgot Password?</a> <a href="<?php echo $user->actualPath; ?>forgot.php?do=user">Forgot Username?</a> <br /><br /><a href="<?php echo $user->actualPath; ?>signup.php">Get an account</a> <script type="text/javascript"> document.write('<input type="hidden" name="hashed" value="1" />'); </script> </form> </div> <script type="text/javascript"> function processForm() { span = document.getElementsByTagName("span"); for(i=0;i<span.length;i++) span[i].innerHTML = ''; pass = document.getElementById('upass'); user = document.getElementById('user'); if(username(user.value) && password(pass.value,'passError')) { hash = hex_sha1(pass.value); document.loginForm.pass.value = hash; // Remove the upass element if( pass.parentNode && pass.parentNode.removeChild ) { pass.parentNode.removeChild(pass); } return true; } return false; } </script>January 12th, 2011 - 03:02
Unfortunately .. it doesn’t work. Can’t login at all.
January 12th, 2011 - 03:27
Changed part of your js back into original and that worked fine
========
if(username(user) && password(pass,’passError’)) {
hash = hex_sha1(document.getElementById(‘upass’).value);
document.loginForm.pass.value = hash;
========
My conclusion:
The user.value and pass.value should just be: user and pass because they are already defined as a VAR at lines 33/34.
Thanks this is a better solution and properly working!